//package com.xiao.foundation.config;
//
//import com.xiao.foundation.security.SecuritySetting;
//import com.xiao.foundation.security.oauth2.JwtGrantedAuthorityConverter;
//import lombok.extern.slf4j.Slf4j;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Import;
//import org.springframework.core.convert.converter.Converter;
//import org.springframework.security.authentication.AbstractAuthenticationToken;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.oauth2.jwt.Jwt;
//import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
//import org.zalando.problem.spring.web.advice.security.SecurityProblemSupport;
//
///**
// * @author zhoushaofeng
// */
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
//@Import(SecurityProblemSupport.class)
//@Slf4j
//public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
//
////    private final TokenProvider tokenProvider;
////    @Value(value = "${application.security.secret")
////    private String secret;
////    private final SecurityProblemSupport problemSupport;
////    private final SecuritySetting securitySetting;
//
//    private String issuerUri;
//
//    public SecurityConfiguration() {
//    }
//
//    @Override
//    public void configure(WebSecurity web) {
////        web.ignoring()
//////            .antMatchers(HttpMethod.OPTIONS, "/**")
//////            .antMatchers("/**")            .antMatchers("/app/**/*.{js,html}")
////            .antMatchers("/**/*.{js,html}")
////            .antMatchers("/h2-console/**")
////            .antMatchers("/swagger-ui.html")
////            .antMatchers("/test/**");
//        web.ignoring()
//                .antMatchers("/webjars/**")
//                .antMatchers("/v2/api-docs",
//                        "/swagger-resources/configuration/ui",
//                        "/swagger-resources",
//                        "/swagger-resources/configuration/security",
//                        "/swagger-ui.html");
//    }
//
//    @Override
//    public void configure(HttpSecurity http) throws Exception {
//        http.csrf()
//                .disable()
//                .authorizeRequests()
//                .antMatchers("/**", "/sms/**", "authenticate")
//                .permitAll()
//                .anyRequest().permitAll();
////        http.csrf()
////                .disable()
////                .exceptionHandling()
//////                .authenticationEntryPoint(problemSupport)
//////                .accessDeniedHandler(problemSupport)
////                .and()
////                .headers()
////                .contentSecurityPolicy("default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com data:")
////                .and()
////                .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
////                .and()
////                .frameOptions()
////                .deny()
////                .and()
////                .authorizeRequests()
////                .antMatchers("/authenticate").permitAll()
////                .anyRequest().authenticated()
////                .and()
//////                .oauth2ResourceServer()
//////                .jwt()
//////                .jwtAuthenticationConverter(authenticationConverter());
////                .oauth2ResourceServer((oauth2ResourceServer) ->
////                        oauth2ResourceServer
////                                .jwt((jwt) ->
////                                        jwt.decoder(jwtDecoder())
////                                )
////                );
//    }
//
//
////    @Bean
////    public JwtAuthenticationConverter jwtAuthenticationConverter() {
////        JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
////        grantedAuthoritiesConverter.setAuthorityPrefix("");
////        grantedAuthoritiesConverter.setAuthoritiesClaimName("authorities");
////
////        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
////        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
////        return jwtAuthenticationConverter;
////    }
//
//    @Bean
//    Converter<Jwt, AbstractAuthenticationToken> authenticationConverter() {
//        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
//        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthorityConverter());
//        return jwtAuthenticationConverter;
//    }
//
////    @Bean
////    JwtDecoder jwtDecoder() {
//////        NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder) JwtDecoders.fromOidcIssuerLocation(issuerUri);
////        byte[] keyBytes = Base64.getDecoder().decode(securitySetting.getSecret());
////        SecretKey secretKey = new SecretKeySpec(keyBytes, "MAC");
////
////        return NimbusJwtDecoder
////                .withSecretKey(secretKey)
////                .macAlgorithm(MacAlgorithm.HS256)
////                .build();
//
////        return null;
////        OAuth2TokenValidator<Jwt> audienceValidator = new AudienceValidator(jHipsterProperties.getSecurity().getOauth2().getAudience());
////        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuerUri);
////        OAuth2TokenValidator<Jwt> withAudience = new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator);
////
////        jwtDecoder.setJwtValidator(withAudience);
//
////        return jwtDecoder;
////        byte[] keyBytes = Base64.getDecoder().decode("WWERWFAFDAFABDFAD");
////        String secret = applicationProperties.getSecurity()
////                .getAuthentication()
////                .getJwt()
////                .getSecret();
////        if (!StringUtils.isEmpty(secret)) {
////            log.warn("Warning: the JWT key used is not Base64-encoded. " +
////                    "We recommend using the `jhipster.security.authentication.jwt.base64-secret` key for optimum security.");
////            keyBytes = secret.getBytes(StandardCharsets.UTF_8);
////        } else {
////            log.debug("Using a Base64-encoded JWT secret key");
////            String base64Secret = applicationProperties
////                    .getSecurity()
////                    .getAuthentication()
////                    .getJwt()
////                    .getBase64Secret();
////            keyBytes = Base64.getDecoder().decode(base64Secret);
////        }
////        SecretKey secretKey = new SecretKeySpec(keyBytes, "MAC");
////        return NimbusJwtDecoder
////                .withSecretKey(secretKey)
////                .macAlgorithm(MacAlgorithm.HS512)
////                .build();
////    }
//}
